
Thread: virus that restarts the OS

  1. #1

    virus that restarts the OS

    Hi guys, I think I have a problem with a virus! I have a Trust UPS unit that my PC is connected to, but after it has been on for 12 hours my PC restarts... maybe I have a virus that tells it to do this??
    I'm posting the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9.14.56, on 29/12/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\Programmi\Microsoft SQL Server\MSSQL$SQLINFOTEL\Binn\sqlservr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\File comuni\Acronis\Fomatik\TrueImageTryStartService.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Programmi\Java\jre6\bin\jusched.exe
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programmi\Winamp\winampa.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    C:\Programmi\DAEMON Tools Lite\daemon.exe
    C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Skype Recorder] "C:\Programmi\Skype Recorder\Skype Recorder.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Davide\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [EPSON B1100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFEE.EXE /FU "C:\WINDOWS\TEMP\E_S58.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Nikon Monitor.lnk = C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Gestione servizi.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {ED51468C-AF35-41D3-B37D-08FD136CF650} (AMV Stream Control Class) - http://www.venetaingegneria.it/img/s...AMVControl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D9FCD03A-CBBF-4CE8-BE18-1BF3B41D75EC}: NameServer = 85.37.17.16 85.38.28.68
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: mlJCSiIy - C:\WINDOWS\
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Programmi\File comuni\Acronis\Fomatik\TrueImageTryStartService.exe

    --
    End of file - 8403 bytes

    thanks guys... give me a hand please!

    Bye

  2. #2
    amvinfe (Moderator of Computer Security and Viruses)
    and what if it were due to the UPS itself?

    Have you already tried not connecting it to the UPS for more than 12 hours? :master:


    if that were the case, run an online scan and post the result
    http://www.pandasoftware.com/actives..._principal.htm

  3. #3
    Originally posted by amvinfe
    and what if it were due to the UPS itself?

    Have you already tried not connecting it to the UPS for more than 12 hours? :master:
    No, I haven't tried, but why - excuse my ignorance - does the UPS have a battery life of 12 hours even if the power never goes out?? I mean, I know that - from the specs - it has a battery life of 30 min when the power goes out, but if the power doesn't go out, how do you explain it??

    I'll run the scan and post it in the meantime, ok.

    Thanks, Davide

  4. #4
    Originally posted by amvinfe

    if that were the case, run an online scan and post the result
    http://www.pandasoftware.com/actives..._principal.htm
    I'm posting the .txt of the scan:

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-12-30 20:27:27
    PROTECTIONS: 1
    MALWARE: 23
    SUSPECTS: 16
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    AVG Anti-Virus Free 8.5 Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00122168 Application/Restart HackTools No 0 Yes No c:\windows\system32\tools\restart.exe
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\davide\cookies\davide@doubleclick[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\davide\cookies\davide@atdmt[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\davide\cookies\davide@com[1].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\davide\cookies\davide@xiti[1].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\davide\cookies\davide@toplist[1].txt
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\davide\cookies\davide@statcounter[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\davide\cookies\davide@apmebf[1].txt
    00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\documents and settings\davide\cookies\davide@server.iad.liveperson[1].txt
    00170550 Cookie/Humanclick TrackingCookie No 0 Yes No c:\documents and settings\davide\cookies\davide@hc2.humanclick[2].txt
    00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\davide\cookies\davide@cgi-bin[2].txt
    00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\davide\impostazioni locali\temp\cookies\davide@cgi-bin[1].txt
    00611820 Adware/AntivirusPro2009 Adware No 0 No No d:\recycler\s-1-5-21-436374069-746137067-1343024091-1003\dd48\( 2008 ) virtual vinil dj .rar[setup.exe][setup.exe][setup_01.exe][setup_01.exe][setup_00.exe][setup_00.exe][loader.exe]
    01379000 W32/Autorun.JBR Virus/Trojan No 1 No No d:\recycler\s-1-5-21-436374069-746137067-1343024091-1003\dd48\( 2008 ) virtual vinil dj .rar[setup.exe][setup.exe][setup_01.exe][setup_01.exe][vg.exe][runvg.exe]
    01692596 Generic Malware Virus/Trojan No 0 Yes No i:\back up roma\musica\corso hacker italiano\virii01.vir[12345678.exe]
    03074964 Trj/CI.A Virus/Trojan No 0 Yes No i:\system volume information\_restore{8d2363ca-1cf6-47cb-97ca-f73e86f9ba42}\rp1\a0000048.exe
    03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\documents and settings\davide\impostazioni locali\temp\rar$ex51.3407\percussion.studio.v3.0d.winall.incl.keymaker-arn\keygen.exe
    03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\documents and settings\davide\impostazioni locali\temp\rar$ex02.220\percussion.studio.v3.0d.winall.incl.keymaker-arn\keygen.exe
    03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\documents and settings\davide\desktop\percussion[1].studio.v3.0d setup+ keygen.zip[percussion.studio.v3.0d.winall.incl.keymaker-arn/keygen.exe]
    03074964 Trj/CI.A Virus/Trojan No 0 Yes No i:\system volume information\_restore{8d2363ca-1cf6-47cb-97ca-f73e86f9ba42}\rp2\a0000089.exe
    03509749 Trj/Spy.YK Virus/Trojan No 0 No No d:\recycler\s-1-5-21-436374069-746137067-1343024091-1003\dd48\$$$ virtual dj home edition v 2009 complet .zip[setup.exe][setup.exe][install.exe]
    03509749 Trj/Spy.YK Virus/Trojan No 0 No No d:\recycler\s-1-5-21-436374069-746137067-1343024091-1003\dd48\( 2008 ) virtual vinil dj .rar[setup.exe][setup.exe][install.exe]
    03898919 Generic Malware Virus/Trojan No 0 Yes No i:\back up roma\varie\win rar 3.00 - full with crack.zip[win rar 3.00/crack winrar 3.00/tsrh-wrar3b6uni_crk.zip][tsrh-wrar3b6uni_crk.exe]
    03919079 Generic Malware Virus/Trojan No 0 Yes No i:\back up roma\varie\win rar 3.00 - full with crack.zip[win rar 3.00/crack winrar 3.00/tsrh-wrar3b6uni_crk.zip][azl_wrar28_kg.exe]
    04414873 Generic Trojan Virus/Trojan No 0 Yes No i:\back up roma\musica\ahead.nero.burning.rom.v6.3.1.6.ultra.edition.incl.keygen-orion-pleasuredome101\keygen.exe
    04856202 Generic Trojan Virus/Trojan No 0 Yes No i:\back up - pc davide\desktop cartelle\software installatori\img2cad_v7.0_by_lovepascal.zip[img2cad(v7.0).patched.exe]
    05058566 Generic Trojan Virus/Trojan No 0 No No d:\recycler\s-1-5-21-436374069-746137067-1343024091-1003\dd48\( 2008 ) virtual vinil dj .rar[setup.exe][setup.exe][setup_01.exe][setup_01.exe][setup_00.exe][setup_00.exe][wr-1-2~1.exe]
    ;================================================= ================================================== ================================================== ==============================
    SUSPECTS
    Sent Location
    ;================================================= ================================================== ================================================== ==============================
    No c:\system volume information\_restore{2b9b0cea-901b-4168-af97-a5a6d9336d0f}\rp33\a0008490.exe
    No d:\recycler\s-1-5-21-436374069-746137067-1343024091-1003\dd48\$$$ virtual dj home edition v 2009 complet .zip[setup.exe][setup.exe][setup_00.exe][setup_00.exe][babyloninstaller9105s.exe]
    No d:\recycler\s-1-5-21-436374069-746137067-1343024091-1003\dd48\( 2008 ) virtual vinil dj .rar[setup.exe][setup.exe][setup_01.exe][setup_01.exe][vg.exe]
    No d:\recycler\s-1-5-21-436374069-746137067-1343024091-1003\dd49.rar[macromedia_dreamweaver__fireworks___flash_8[1].0.exe]
    No i:\back up - pc davide\avenger.exe
    No i:\back up roma\musica\real player v10 gold ita + crack.rar[real_player_10_premium-crack.rar][activator.exe]
    No i:\back up roma\varie\audio\rosoftaudiotoolsfree.exe
    No i:\system volume information\_restore{3ffa8a03-75de-46e4-acde-f8723d07de1f}\rp37\a0008801.exe
    No i:\system volume information\_restore{3ffa8a03-75de-46e4-acde-f8723d07de1f}\rp39\a0010055.exe
    No i:\system volume information\_restore{3ffa8a03-75de-46e4-acde-f8723d07de1f}\rp39\a0011057.exe
    No i:\system volume information\_restore{3ffa8a03-75de-46e4-acde-f8723d07de1f}\rp41\a0011870.exe
    No i:\system volume information\_restore{3ffa8a03-75de-46e4-acde-f8723d07de1f}\rp44\a0012024.exe
    No i:\system volume information\_restore{3ffa8a03-75de-46e4-acde-f8723d07de1f}\rp44\a0012046.exe
    No i:\system volume information\_restore{3ffa8a03-75de-46e4-acde-f8723d07de1f}\rp46\a0012219.exe
    No i:\system volume information\_restore{3ffa8a03-75de-46e4-acde-f8723d07de1f}\rp46\a0012271.exe
    No i:\system volume information\_restore{3ffa8a03-75de-46e4-acde-f8723d07de1f}\rp46\a0012278.exe
    ;===================================================================================================================================================================================

    Thanks, Davide

  5. #5
    Sorry... I had forgotten to clean everything with CCleaner before running the scan, and to plug in the USB stick I use...
    I'm reposting the result of the PandaVirus Scan.

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2010-01-04 19:51:08
    PROTECTIONS: 1
    MALWARE: 9
    SUSPECTS: 14
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    AVG Anti-Virus Free 8.5 Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00122168 Application/Restart HackTools No 0 Yes No c:\windows\system32\tools\restart.exe
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\davide\cookies\davide@doubleclick[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\davide\cookies\davide@atdmt[1].txt
    01692596 Generic Malware Virus/Trojan No 0 Yes No i:\back up roma\musica\corso hacker italiano\virii01.vir[12345678.exe]
    03074964 Trj/CI.A Virus/Trojan No 0 Yes No i:\system volume information\_restore{8d2363ca-1cf6-47cb-97ca-f73e86f9ba42}\rp1\a0000048.exe
    03074964 Trj/CI.A Virus/Trojan No 0 Yes No i:\system volume information\_restore{8d2363ca-1cf6-47cb-97ca-f73e86f9ba42}\rp2\a0000089.exe
    03074964 Trj/CI.A Virus/Trojan No 0 Yes No g:\archivio\installatori\setup altri\setup_programmi\percussionstudio[1].v3.1.winall.incl.keygenerator-tmg.zip[percussion studio v3.03_setup.exe]
    03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\documents and settings\davide\desktop\percussion[1].studio.v3.0d setup+ keygen.zip[percussion.studio.v3.0d.winall.incl.keymaker-arn/keygen.exe]
    03898919 Generic Malware Virus/Trojan No 0 Yes No i:\back up roma\varie\win rar 3.00 - full with crack.zip[win rar 3.00/crack winrar 3.00/tsrh-wrar3b6uni_crk.zip][tsrh-wrar3b6uni_crk.exe]
    03919079 Generic Malware Virus/Trojan No 0 Yes No i:\back up roma\varie\win rar 3.00 - full with crack.zip[win rar 3.00/crack winrar 3.00/tsrh-wrar3b6uni_crk.zip][azl_wrar28_kg.exe]
    04414873 Generic Trojan Virus/Trojan No 0 Yes No i:\back up roma\musica\ahead.nero.burning.rom.v6.3.1.6.ultra.edition.incl.keygen-orion-pleasuredome101\keygen.exe
    04856202 Generic Trojan Virus/Trojan No 0 Yes No i:\back up - pc davide\desktop cartelle\software installatori\img2cad_v7.0_by_lovepascal.zip[img2cad(v7.0).patched.exe]
    ;================================================= ================================================== ================================================== ==============================
    SUSPECTS
    Sent Location
    ;================================================= ================================================== ================================================== ==============================
    No c:\system volume information\_restore{2b9b0cea-901b-4168-af97-a5a6d9336d0f}\rp33\a0008490.exe
    No d:\recycler\s-1-5-21-436374069-746137067-1343024091-1003\dd49.rar[macromedia_dreamweaver__fireworks___flash_8[1].0.exe]
    No i:\back up - pc davide\avenger.exe
    No i:\back up roma\musica\real player v10 gold ita + crack.rar[real_player_10_premium-crack.rar][activator.exe]
    No i:\back up roma\varie\audio\rosoftaudiotoolsfree.exe
    No i:\system volume information\_restore{3ffa8a03-75de-46e4-acde-f8723d07de1f}\rp37\a0008801.exe
    No i:\system volume information\_restore{3ffa8a03-75de-46e4-acde-f8723d07de1f}\rp39\a0010055.exe
    No i:\system volume information\_restore{3ffa8a03-75de-46e4-acde-f8723d07de1f}\rp39\a0011057.exe
    No i:\system volume information\_restore{3ffa8a03-75de-46e4-acde-f8723d07de1f}\rp41\a0011870.exe
    No i:\system volume information\_restore{3ffa8a03-75de-46e4-acde-f8723d07de1f}\rp44\a0012024.exe
    No i:\system volume information\_restore{3ffa8a03-75de-46e4-acde-f8723d07de1f}\rp44\a0012046.exe
    No i:\system volume information\_restore{3ffa8a03-75de-46e4-acde-f8723d07de1f}\rp46\a0012219.exe
    No i:\system volume information\_restore{3ffa8a03-75de-46e4-acde-f8723d07de1f}\rp46\a0012271.exe
    No i:\system volume information\_restore{3ffa8a03-75de-46e4-acde-f8723d07de1f}\rp46\a0012278.exe
    ;===================================================================================================================================================================================
    where:
    i:\ is an external HD connected via USB
    g:\ is a USB stick
    d:\ is a partition of my main HD


    thanks, Davide
